Comments on: mod_security for Apache

By: fak3r

fak3r — Wed, 24 Jan 2007 15:49:13 +0000

In chasing down an error mod_security caused one user on the Roundcube-users mailing list, I recieved this setup for some of the extended mod_sec rulesets:

[quote comment="1643"]Thanks for your reply. Roundcube did something funny with it though. Now that I’ve hit reply I can see what your wrote. I’ll check the archive later to see if I missed anything.

Sorry, I meant to put more information in and forgot. I’m running a default install of Fedora Core 5 with Apache2, PHP5, MySQL, Dovecot and sendmail. I’m also only using the beta version of Roundcube.

As to the ruleset, I’m using those from gotroot which can be found here. http://www.gotroot.com/mod_security rules but not all. I have added the following to the base rules in mod_security.conf. Using them all can load up your server. The error logs seem to relate to useragents. You could try just that file if the rest are too hard on your server.

Include /etc/httpd/modsec/apache2-rules.conf
Include /etc/httpd/modsec/rules.conf
Include /etc/httpd/modsec/rootkits.conf
Include /etc/httpd/modsec/useragents.conf
Include /etc/httpd/modsec/recons.conf
Include /etc/httpd/modsec/badips.conf
# Include /etc/httpd/modsec/blacklist.conf
Include /etc/httpd/modsec/blacklist2.conf
Include /etc/httpd/modsec/jitp.conf
# Include /etc/httpd/modsec/proxy.conf

[/quote]

By: fak3r

fak3r — Wed, 24 Jan 2007 15:49:00 +0000

In chasing down an error mod_security caused one user on the Roundcube-users mailing list, I recieved this setup for some of the extended mod_sec rulesets:

[/quote]

By: fak3r

fak3r — Sat, 23 Dec 2006 04:28:53 +0000

Note to self, buy this: Apache Security by Ivan Ristic (creator of mod_security)

By: fak3r

fak3r — Sat, 23 Dec 2006 04:28:00 +0000

Note to self, buy this: Apache Security by Ivan Ristic (creator of mod_security)